ato logo
Search Suggestion:

Foreign Investment Stakeholder Group key messages 20 July 2023

Key topics discussed at the Foreign Investment Stakeholder Group meeting 20 July 2023.

Published 8 November 2023

Online services for foreign investors

Online services for foreign investors is an authenticated, digitalised service for foreign investors and their representatives to interact with the ATO to meet their foreign investment obligations. It has been introduced to support the new Register of foreign ownership of Australian assets, part of the 2020 national security reforms to increase transparency over foreign ownership in Australia.

The introduction of Online services for foreign investors strengthens the security of ATO interactions to help protect intermediaries and their clients against fraud and identity-related theft. The security and fraud environment are shifting with increasing attempts to commit identity theft and fraud and is an important step to keep strengthening the security of ATO online services to protect client information.

To log in to Online services for foreign investors a myGovID is required. This can be obtained using the myGovID app. myGovIDExternal Link is the Australian Government’s Digital Identity app that lets you log in to a range of government online services. It is different to a myGov account.

The strength of an identity within myGovID is based on the information that can be provided and verified.

Identifying details within myGovID and Online services for foreign investors must match the details used on any previous Foreign Investment Review Board applications. First time applicants should use their legal name.

Foreign investors with an Australian Business Number (ABN) will need to set up both myGovID and Relationship Authorisation ManagerExternal Link (RAM) before accessing Online services for foreign investors. RAM is an authorisation service that allows access to Online services for foreign investors on behalf of a business.

Further information is available at:

Authorisations and digital identity

Questions and answers

Question

Answer

How do I know if I am authorised to act on behalf of the foreign investor?

You can view and manage all of your authorisations through RAM or Online services for foreign investors.

How do I identify the principal authority of a business?

The principal authority is the person responsible for the business. For example, an Australian representative of the business, trustee, director or partner.

Is it secure to enter the details of my identity documents when I set up my myGovID?

myGovID uses encryption and cryptographic technology as well as the security features built-in to your device, such as fingerprint or face. This is to protect your identity and help stop other people accessing your information.

 

Your details are checked against existing government records to prove your identity. When using government online services, your personal information will not be shared without your permission - putting you in control.

 

Once you have verified your identity documents to set up your myGovID, they become locked to your myGovID email and cannot be verified again by another myGovID.

Will myGovID make it easier for someone to steal and use my personal information?

myGovID is accredited under the Trusted Digital Identity Framework which strictly controls how your identity data is collected, stored, and used.

 

To access the myGovID app you need to have a password and you can opt to use the built-in security features in your device, such as fingerprint or face, to further protect your digital identity. This ensures that if your smart device is lost or stolen your myGovID remains protected.

 

You have control of your personal information at all times and nothing will be shared without your permission.

 

The Digital Transformation Agency and the ATO have completed Privacy Impact Assessments and worked with independent consultants throughout the process to ensure the security of myGovID.

Can a principal authority or authorisation administrator access the details of my, myGovID?

No, your myGovID belongs to you and should not be shared with others.

Can multiple individuals from different firms be authorised by a client as authorisation administrators? If so, are authorisation administrators only able to revoke authorisation for other individuals that they themselves have authorised, or are they able to amend authorisations provided by someone else, for example, revoke access for a different authorised representative from a different firm?

An entity can have multiple authorisation administrators appointed in RAM.

 

An authorisation administrator can set up and manage all authorisations in RAM only for the entity they have been authorised by to do so.

 

An authorised administrator can edit and revoke all accesses, except for the principal authority.

 

A principal authority can assign multiple people from different firms as authorised administrators.

If I set up my myGovID using a personal email address, do client authorisations need to be sent to that address?

A business email can be used when setting up an authorisation for a representative in RAM, it does not need to match the email address they used to set up their myGovID.

 

However, the email address should only be able to be accessed by them, as this is where the authorisation request and future notifications are sent.

Registering assets

Questions and answers

Question

Answer

How is a register notice completed for acquisitions of land entities, (to the extent that they are not entity acquisitions which separately need to be reported under subdivision C of Division 3 of Part 7A)?

This question has been taken on notice and an answer will be made available in due course.

How can firms maintain uninterrupted access to Online services for foreign investors in the event of an authorised user (appointed by client) being unexpectedly absent or leaving permanently?

Communications will still go via email for some notifications, others will show in the Online services for foreign investors account, and any authorised users will have access to this.

 

Clients may wish to appoint multiple authorisation administrators in RAM to overcome this issue.

 

Online services for foreign investors allows any authorised person to see what was submitted, when, and have the option of amending or updating as required.

Can an authorised user amend or alter a client’s existing information or records within the register including where these activities may have originally been completed/recorded by another entity?

The ATO has strong protections in place over information in its systems. All actions in Online services for foreign investors, like any other ATO record, are recorded and the history is retained, even if the event is no longer visible in the system.

 

Changes made to an existing registered asset within Online services for foreign investors will prompt an internal review by ATO staff.

 

An authorised user can print (including saving as a pdf) any event or registration they have completed to retain a record with a submission number, for proof of what they submitted.

 

Practitioners should consider whether their internal governance processes require updating to reflect this new way of doing business, including documents and records management systems.

Is there a risk with respect to the disclosure of confidential information given an authorised representative (of which there may be many) is able to access all of the information on the register.

Whilst the system allows an agent to view this information, it does require a person to actively seek that information. It would be incumbent upon the practitioner to ensure they do not breach their authority and actively seek material they are not authorised for.

We also note that this information is protected information, and any unauthorised use or disclosure of such information by a practitioner is an offence.

The terms and conditions for the use of Online services for foreign investors can be found here - ATO Online services for foreign investors terms and conditions.

For legal practitioners who are authorised representatives, would inadvertent exposure to confidential information in connection with another interest create a potential for conflict between the duty of confidentiality and the duty of disclosure? For example, if the lawyer acts for another client and information they inadvertently see within the service is relevant to a matter on which they are working for that other client, they will be in a position of conflict.

The ATO complies with National Privacy Principles and relevant privacy impact assessments have been conducted as part of the development of the new system.

 

Where a conflict of interest exists, perceived or real, the practitioner will have a duty to disclose and manage that conflict.

 

Whilst the system allows an agent to view this information, it does require a person to actively seek that information. It would be incumbent upon the practitioner to ensure they do not breach their authority and actively seek material they are not authorised for, in line with professional ethical requirements.

 

 

QC73650